Thanks. I had looked at and read that page. But, I obviously need to
meditate on it some more.
Eric
On 05/30/2013 11:00 AM, Matthias Radestock wrote:
> Eric,
>> On 30/05/13 15:35, Eric Cozzi wrote:
>> Thanks. Setting the local-username to a valid username fixed the
>> problem. But, I'm still confused.
>> Take a look at the diagram and explanation at
>http://www.rabbitmq.com/federation.html#details>>> I have RabbitMQ configured to use the auth_mechanism_ssl plugin. So, why
>> do I have to set the local-username at all? I expected that by setting
>> the client ssl-keys in the federation URI, federation would pull the
>> username out of the SSL key and use that to authenticate. This works for
>> normal clients connecting via SSL. Why doesn't this work for federation
>> clients?
>> The URIs you specify in the federation config tell a downstream
> (right-hand side of the diagram) how to establish an AMQP connection
> to an upstream (left-hand side of the diagram), thus establishing an
> upstream link (as labelled in the diagram) across which messages that
> have been published on the upstream are pulled to the downstream.
>> The ssl config in the broker configuration of the upstream, and the
> ssl settings in the URIs of the federation config of the downstream,
> control authentication and authorisation for that link.
>> But there is more....
>> Any messages pulled down over the upstream link are re-published
> locally, via a local/internal connection - indicated by the fat arrow
> on the right-hand side that loops back onto the exchange. That local
> connection requires a username for authorisation. It is that username
> which you set in the federation config with local-username.
>> Note that this user only requires authorisation, not authentication
> (hence no password, ssl credentials, etc).
>>> Regards,
>> Matthias.
>